Protect your organization from ransomware: key considerations to secure your enterprise in response to the WannaCry attacks.

Brian Minick
  1. Offsite/offline backups – Performing consistent backups has long been a part of IT best practices, and for good reason. Now more than ever, backups are critical to reducing your business risk in the wake of a ransomware attack where your data is held hostage. Importantly, make sure your backups are offline and cannot be accessed by opportunistic perpetrators.
  2. Corporate patching policies – Patches for the vulnerabilities exploited by WannaCry have been available. Had organizations applied those patches, they would not have been impacted. Businesses must take these opportunistic threats seriously and know that they will continue and broaden. Mandate that your installed base is kept up to date rather than falling victim to a costly and disruptive situation.
  3. Network segmentation for high-risk assets – Reduce your organization’s attack exposure by segregating high-risk assets that cannot be patched or updated from the rest of your environment. This will ensure that any compromised assets do not impact the broader business.
  4. Endpoint real-time visibility – There are only a few critical seconds in which an organization can react to a ransomware infection before harm is done. Having real-time visibility into endpoints will reduce the mean time to detect and respond. This is critical in heading off ransomware infections before they become a widespread problem in the environment.
  5. Incident preparedness – Have a well-rehearsed incident response plan in place to expedite your organization’s response efforts. Ensure the incident response plan is coordinated and has buy-in across business functions and at the executive level. Mandate that your security vendor community and managed security provider are at the ready, capable and able to respond quickly and effectively to mitigate the effects of an attack.